Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 38 – Electronic Mail

View All Sections >

47110.8 Confidential and Sensitive Information

  • Certain types of information maintained by the CDCRCalifornia Department of Corrections and Rehabilitation are confidential and protected by State and federal law. The use of e-mail to send confidential information should be limited to an as needed basis. Never type the information in the body of the e-mail, and never send a password or decryption key in the same e-mail. Unless the file is encrypted or password-protected, it can be read by others and, therefore, is not considered private communication.

  • Following is a list of the types of information defined as HRCI that shall not be included in e-mail or attached to an e-mail, unless the e-mail and/or attachments are encrypted:

    • Personally identifiable information such as a person’s name in conjunction with the person’s social security number, credit or debit card information, individual financial account, driver’s license number, state IDInstitutions Division (see DAI) number, or passport number, or a name in conjunction with biometric information;

    • Personal health information such as any information about health status, provisions of health care, or payment for health care information as protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA);

    • Correctional Offender Record Information as defined in California Penal Code sections 13100-13104;

    • Information that if disclosed would reveal vulnerabilities to, or otherwise increase the potential for an attack on, an information technology system of a public agency as specified in GCGovernment Code section 6254.19. Examples include but are not limited to firewall and router configuration information, server names and IP addresses, and other system configuration details;

    • Any documentation of information which contains information or data within any Gang Database as defined in the CDCRCalifornia Department of Corrections and Rehabilitation Department Operations Manual (DOMDepartment Operations Manual) sections 52070.22-52070.24;

    • Records of investigations, intelligence information, or security procedures as specified in GCGovernment Code section 6254(f); this includes but is not limited to information identifying confidential informants and security procedures contained in DOMDepartment Operations Manual section 55000.

    • Personnel, medical, or similar files, the disclosure of which would constitute an unwarranted invasion of personal privacy protected under GCGovernment Code section 6254(c) or the Peace Officers Bill of Rights under GCGovernment Code section 3300 et seq.

  • Encrypted e-mail must be used when HRCI information is sent to non-CDCRCalifornia Department of Corrections and Rehabilitation e-mail addresses by placing the keywords of “CDCRCalifornia Department of Corrections and Rehabilitation Encrypted Message” into the subject line of the e-mail without the quotes. This method should be used only when transmitting HRCI, confidential, or sensitive data.

  • Prior to sending any e-mail, verify the accuracy of the recipient’s e-mail address to prevent unintentionally sending it to an unauthorized individual. Once an e-mail is sent outside the Department, it cannot be recalled and/or undone.